
Bugtraq mailing list archives
Re: ftpd: the advisory version
From: admin () RNC RU (Kasatenko Ivan Alex.)
Date: Thu, 29 Jun 2000 11:55:21 +0400
Hello! On Wed, Jun 28, 2000 at 10:55:19PM +0200, Sebastian wrote:
Hi. So this is still unsafe: void func_weak (char *domain) { unsigned char buff[2000]; size_t len = domain[0]; strncpy (&buff[0], &domain[1], len); buff[1999] = '\x00'; }
It *is* safe, as far as the char type is concerned. And len cannot fall below zero and cannot grow above 255. (0 <= char <= 255, on most platforms) The size of buff is much more than 255. So this code is safe, in my opinion. The problem may reveal itself only on computers where char type is signed by default. *wave*, John <skywriter () rnc ru>
Current thread:
- Re: ftpd: the advisory version, (continued)
- Re: ftpd: the advisory version Mike Eldridge (Jun 29)
- Linux capability bounding set weakness Patrick Reynolds (Jun 26)
- Re: Linux capability bounding set weakness Paul Wouters (Jun 27)
- Re: Linux capability bounding set weakness Matthew Kirkwood (Jun 27)
- Improved ARP sniffer Paul Starzetz (Jun 27)
- [suse-security-announce] SuSE Security Announcement: kernel-2.2.x (fwd) Daniel T. Chen (Jun 27)
- Re: ftpd: the advisory version Steven M. Bellovin (Jun 26)
- Re: ftpd: the advisory version Dan Harkless (Jun 27)
- Re: ftpd: the advisory version Teodor Cimpoesu (Jun 28)
- Re: ftpd: the advisory version Sebastian (Jun 28)
- Re: ftpd: the advisory version Kasatenko Ivan Alex. (Jun 29)
- Re: ftpd: the advisory version Barney Wolff (Jun 29)
- Re: ftpd: the advisory version Sebastian (Jun 29)
- (forw) Re: Netscape ftp Server (fwd) Elias Levy (Jun 29)
- Re: ftpd: the advisory version Juergen P. Meier (Jun 30)
- SecureXpert Advisory [SX-20000620-1] SecureXpert DIRECT Sender (Jun 30)
- SecureXpert Advisory [SX-20000620-3] SecureXpert DIRECT Sender (Jun 30)
- Re: ftpd: the advisory version Roger Espel Llima (Jun 28)
- Re: ftpd: the advisory version Kragen Sitaker (Jun 28)